bcgov / Cloud-Pathfinder-Azure

Apache License 2.0
0 stars 0 forks source link

Verify DINE Policy for SQL Server DNS Records #186

Closed wrnu closed 2 days ago

wrnu commented 2 weeks ago

As a platform administrator,

I want to confirm that the DINE policy automatically creates DNS A-records for SQL Server deployments in our central private DNS zone, so that SQL Server instances are properly discoverable within our network.

Background

Acceptance Criteria

  1. When a new SQL Server is deployed in the forge environment:

    • An A-record is automatically created in the central private DNS zone
    • The A-record correctly points to the SQL Server's IP address
    • The record name follows the expected naming convention
  2. The DINE policy properly identifies SQL Server resources:

    • Confirm the sqlServer groupId correctly targets SQL Server deployments
    • No false positives (policy doesn't trigger for non-SQL Server resources)
    • No false negatives (policy doesn't miss any SQL Server deployments)

Test Steps

  1. Deploy a new SQL Server instance in the forge environment
  2. Wait for policy evaluation cycle
  3. Check the central private DNS zone for the new A-record
  4. Verify the record's IP address matches the SQL Server instance
  5. Document findings, especially regarding the sqlServer groupId accuracy

Additional Notes